Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
851
Views
0
Helpful
3
Replies

Email Alert Intrusion only for critical servers

erwin.vzb.070708
Level 1
Level 1

‎02-06-2017 11:20 PM - edited ‎03-12-2019 06:16 AM

We need to have only have email alert intrusions only for critical servers.

The options only I see is for per categories in Policy>Actions>Alerts.

Is this possible?

Labels:
0 Helpful
3 Replies 3

Farhan Mohamed
Cisco Employee
Cisco Employee

‎02-07-2017 03:34 PM

Step 1 Choose Policies > Actions > Alerts.

Step 2 From the Create Alert drop-down menu, choose Create Email Alert.

Step 3 Enter a Name for the alert response.

Step 4 In the To field, enter the email addresses where you want to send alerts, separated by commas.

Step 5 In the From field, enter the email address that you want to appear as the sender of the alert.

Step 6 Next to Relay Host, verify the listed mail server is the one that you want to use to send the alert.

To change the email server, click the edit icon

0 Helpful

erwin.vzb.070708
Level 1
Level 1
In response to Farhan Mohamed

‎02-08-2017 01:50 AM

The procedures you provided is for setting up email alert.

The current situation is that any hosts that affected by intrusions are sending email alerts.

We want to happen is that if there are intrusions only for DMZ servers that is the time it will send email alerts.

 

0 Helpful

Daniel Sandstrom
Level 1
Level 1
In response to erwin.vzb.070708

‎02-13-2017 02:39 AM

You can do this by creating a correlation policy only matching for example the Impact1 events and the servers you are interested in.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card